/*
 *
 * Paros and its related class files.
 *
 * Paros is an HTTP/HTTPS proxy for assessing web application security.
 * Copyright (C) 2003-2004 Chinotec Technologies Company
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the Clarified Artistic License
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * Clarified Artistic License for more details.
 *
 * You should have received a copy of the Clarified Artistic License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
// ZAP: 2012/01/02 Separate param and attack
// ZAP: 2012/04/25 Added @Override annotation to all appropriate methods and
// removed unnecessary cast.
// ZAP: 2013/01/23 Clean up of exception handling/logging.
// ZAP: 2013/03/03 Issue 547: Deprecate unused classes and methods
// ZAP: 2013/05/02 Re-arranged all modifiers into Java coding standard order
// ZAP: 2013/07/12 Issue 713: Add CWE and WASC numbers to issues
// ZAP: 2019/06/01 Normalise line endings.
// ZAP: 2019/06/05 Normalise format/style.
package org.parosproxy.paros.core.scanner;

import java.util.Vector;
import java.util.regex.Pattern;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.URIException;
import org.apache.log4j.Logger;
import org.parosproxy.paros.network.HttpMessage;

/**
 * @deprecated No longer used/needed (FilePlugins were replaced with Forced Browse). It will be
 *     removed in a future release.
 */
@Deprecated
public abstract class AbstractDefaultFilePlugin extends AbstractHostPlugin {

    private static final Logger logger = Logger.getLogger(AbstractDefaultFilePlugin.class);

    private static final Pattern patternItems = Pattern.compile(",");
    private static final String[] SPECIAL_TAG_LIST = {"@cgibin"};

    private static final String[] TAG_REPLACE_LIST = {
        "cgi-bin,cgi-local,htbin,cgi,cgis,cgi-win,bin,scripts"
    };

    private URI baseURI = null;
    private Vector<URI> listURI = new Vector<>();

    protected void addTest(String directories, String files) {
        String[] dirList = null, fileList = null;
        String dir = "", file = "";

        directories = directories.trim();
        files = files.trim();
        for (int i = 0; i < SPECIAL_TAG_LIST.length; i++) {
            directories = directories.replaceAll(SPECIAL_TAG_LIST[i], TAG_REPLACE_LIST[i]);
        }

        try {
            dirList = patternItems.split(directories);
            fileList = patternItems.split(files);
            for (int i = 0; i < dirList.length; i++) {
                dir = dirList[i].trim();
                if (!dir.startsWith("/")) {
                    dir = "/" + dir;
                }

                for (int j = 0; j < fileList.length; j++) {
                    file = fileList[j].trim();
                    try {
                        URI uri = createURI(baseURI, dir, file);
                        listURI.add(uri);
                    } catch (URIException eu) {
                    }
                }
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
    }

    private URI createURI(URI base, String dir, String file) throws URIException {
        if (!dir.startsWith("/")) {
            dir = "/" + dir;
        }

        if (!file.startsWith("/") && !dir.endsWith("/")) {
            file = "/" + file;
        }

        String path = dir + file;
        URI uri = new URI(base, path, true);
        return uri;
    }

    /** @return Returns the baseURI. */
    public URI getBaseURI() {
        return baseURI;
    }
    /** @return Returns the listURI. */
    public Vector<URI> getListURI() {
        return listURI;
    }

    @Override
    public void init() {
        baseURI = getBaseMsg().getRequestHeader().getURI();
    }

    @Override
    public void scan() {
        for (int i = 0; i < getListURI().size() && !isStop(); i++) {
            // ZAP: Removed unnecessary cast.
            URI uri = getListURI().get(i);
            HttpMessage msg = getNewMsg();
            try {
                msg.getRequestHeader().setURI(uri);
                msg.getRequestBody().setLength(0);
                sendAndReceive(msg);
                if (isFileExist(msg)) {
                    bingo(
                            Alert.RISK_MEDIUM,
                            Alert.CONFIDENCE_LOW,
                            uri.toString(),
                            "",
                            "",
                            "",
                            "",
                            msg);
                }
            } catch (Exception e) {
            }
        }
    }
}
